Facebook CAPTCHA no match for spyware attack

Distributors

Hackers have found a way to create automated Facebook pages and are using them to spread spyware to unsuspecting users, says antivirus and Internet security firm AVG Technologies.

In a blog entry posted Thursday morning, Research Chief Roger Thompson said that AVG's LinkScanner users had started detecting some "rogue spyware attacks" that were coming from Facebook pages. When AVG started looking at the pages, it noticed that the Facebook profiles featured pictures of the same woman and merely had different names to differentiate them. Each page had a link to a supposed video that would infect user computers with spyware if clicked.

Thompson says that there are likely untold numbers of such rogue Facebook profiles on the Web right now, meaning that the hackers have somehow found a way to bypass Facebook's CAPTCHA system that requires users to retype a series of letters to activate an account. Thompson said that while Facebook will certainly delete any rogue accounts it finds, the accounts "can't be an easy thing for them to find" and will thus be difficult to eliminate.

The Facebook spyware attack coincides with an FBI warning released today saying that cybercriminals are increasingly using social networking websites such as Facebook to launch attacks. Among the popular techniques used by hackers are hijacking a user's account and sending spam to their friends that leads to a phishing site; creating applications on the site that include malware or rougue antivirus software; and using malware to gain access to users' personal information on their profiles.

Slideshows

Selling beyond the CIO – How partners can influence the new breed of tech buyers

This ARN Roundtable, in association with Oracle, highlighted the emergence of a new breed of technology buyer, assessing how partners can engage outside of IT, and the skills required to sell across new business units.

Copyright 2018 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.